| View previous topic :: View next topic |
| Author |
Message |
listito
Cheater
![]() Reputation: 0
Joined: 31 Dec 2010
Posts: 35
|
 Posted: Wed Dec 14, 2011 11:40 pm Post subject: C hardware breakpoints |
 |
|
I'm trying to write a program to hw breakpoint but for some reason when the breakpoint is triggered, the handler is executed in an infinite loop, can someone tell me wtf is going on?
| Code: |
LONG WINAPI UnhandlerExceptionFilter(struct _EXCEPTION_POINTERS* ExceptionInfo)
{
// HW-breakpoints DON'T generate EXCEPTION_BREAKPOINT but EXCEPTION_SINGLE_STEP so we check for that
if(ExceptionInfo->ExceptionRecord->ExceptionCode==EXCEPTION_SINGLE_STEP )
{
// Verify that the breakpoint was the one we set
if ((DWORD)ExceptionInfo->ExceptionRecord->ExceptionAddress==dwBreakPoint)
{
// move instruction pointer forward to skip unwanted instructions and let
// the process continue as nothing has happened
Str=ExceptionInfo->ContextRecord->Edi;
return EXCEPTION_CONTINUE_EXECUTION;
}
}
// Some other exception occured. Pass it to next handler
return EXCEPTION_CONTINUE_SEARCH;
} |
|
|
| Back to top |
|
 |
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8585
Location: 127.0.0.1
|
| Posted: Thu Dec 15, 2011 9:39 am Post subject: |
|
|
You copied the code but removed one of the lines:
| Code: |
// Verify that the breakpoint was the one we set
if ((DWORD)ExceptionInfo->ExceptionRecord->ExceptionAddress==dwBreakPoint)
{
// move instruction pointer forward to skip unwanted instructions and let
// the process continue as nothing has happened
ExceptionInfo->ContextRecord->Eip+=nBreakPointJump;
return EXCEPTION_CONTINUE_EXECUTION;
}
|
Notice the EIP step.
_________________
- Retired. |
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Thu Dec 29, 2011 1:08 pm Post subject: |
|
|
| Wiccaan wrote: | You copied the code but removed one of the lines:
| Code: |
// Verify that the breakpoint was the one we set
if ((DWORD)ExceptionInfo->ExceptionRecord->ExceptionAddress==dwBreakPoint)
{
// move instruction pointer forward to skip unwanted instructions and let
// the process continue as nothing has happened
ExceptionInfo->ContextRecord->Eip+=nBreakPointJump;
return EXCEPTION_CONTINUE_EXECUTION;
}
|
Notice the EIP step. |
But how would you actually execute the instruction then skipping it? I'm under the impression that when you hit the hardware breakpoint, you are not executing the instruction and doing the EIP jump will skip over that instruction.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 473
Joined: 09 May 2003
Posts: 25900
Location: The netherlands
|
| Posted: Thu Dec 29, 2011 1:23 pm Post subject: |
|
|
If you're on Vista or later (So NOT XP):
Set the Resume flag(RF) in the eflags register before you continue. That will prevent the breakpoint from being called and that flag will clear itself automatically
| Code: |
ExceptionInfo->ContextRecord->EFlags|=0x10000;
|
If you are on XP:
Two solutions, neither of which is easy or straightforward:
1: Allocate a block of memory. Copy the original instruction to there. (If it is a jump/other relative instruction itself, adjust the jump)
After that place a jmp that jumps back to after the instruction your breakpoint is on
Now when the breakpoint is hit change eip to that routine
2:
Remove the breakpoint from the current thread.
Set the Trap flag in eflags (TF)
| Code: |
ExceptionInfo->ContextRecord->EFlags|=0x100;
|
Record that for this thread you have set the trap flag
Continue
You will receive a single step breakpoint. Check if it is from the thread you have removed the breakpoint from, and if it is the expected thread unset the trap flag (not sure if needed in windows, but a cpu does not do that automatically)
| Code: |
ExceptionInfo->ContextRecord->EFlags&=~(0x100);
|
And set the breakpoint back for this instruction
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
